Amendments to the claims, 

Listing of all claims pursuant to 37 CFR 1.121(c) 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Previously presented) A method implemented in a computer system for 
specifying and enforcing entitlements for performance of financial transactions, the 
method comprising: 

in a computer system having at least a processor and memory, providing a 
hierarchical entitlement structure with inheritance for specifying entitlements for 
performing financial transactions; 

receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said financial 
transactions, and membership of each user; 

in response to a particular user request to perform a financial transaction at 
runtime, identifying the particular user's membership in a certain entitlement group; and 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement structure 
applicable to the particular user's performance of the financial transaction. 

2. (Original) The method of claim 1, wherein said hierarchical entitlement 
structure provides that a given entitlement group inherits permissions provided to its 
parent entitlement group in said hierarchical entitlement structure. 

3. (Original) The method of claim 2, wherein said step of defining a plurality of 
entitlement groups includes restricting permissions inherited by an entitlement group 
from its parent entitlement group in said hierarchical entitlement structure. 

4. (Original) The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining permissions to access particular objects in a 
financial application. 
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5. (Original) The method of claim 4, wherein said step of defining a plurality of 
entitlement groups includes defining permissions to perform functions on said particular 
objects. 

6. (Original) The method of claim 4, wherein at least some of said particular 
objects represent bank accounts. 

7. (Original) The method of claim 1, wherein said limits comprise limitations on 
values of financial transactions to be performed. 

8. (Original) The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining limits comprising a selected one of per-transaction 
limits and cumulative limits over a period of time. 

9. (Original) The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining permissions applying to a selected one of functions 
of a financial application and objects of a financial application. 

10. (Original) The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining limits applicable to individual users. 

1 1 . (Original) The method of claim 1 , wherein said step of defining a plurality of 
entitlement groups includes defining limits applicable collectively to members of an 
entitlement group. 

12. (Original) The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining limits applying collectively to a particular 
entitlement group and children entitlement groups of said particular entitlement group in 
said hierarchical entitlement structure. 
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13. (Original) The method of claim 1, further comprising: 

tracking financial transactions performed for purposes of determining compliance 
with limits. 

14. (Original) The method of claim 13, wherein said step of tracking financial 
transactions performed includes maintaining running total values of financial transactions 
performed in cache for improved performance. 

15. (Original) The method of claim 14, wherein said step of determining whether 
to allow the particular user to perform the financial transaction includes determining 
whether any limits have been exceeded based on the running total values and the value of 
the financial transaction requested by the particular user. 

16. (Original) The method of claim 1 , further comprising: 

maintaining permission information for entitlement groups in the hierarchical 
entitlement structure in cache to improve system performance. 

17. (Original) The method of claim 16, wherein said permission information is 
modeled as three-tuples representing negative permissions. 

18. (Original) The method of claim 1, wherein permissions provided to an 
entitlement group include permissions to administer a certain other entitlement group. 

19. (Original) The method of claim 18, wherein permissions to administer a 
particular entitlement group include modifying permissions of said certain other 
entitlement group. 

20. (Original) The method of claim 18, wherein said permissions to administer a 
certain other entitlement group are subject to limitations defined for the entitlement group 
having said permissions to administer. 
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21 . (Original) The method of claim 1, wherein permissions provided to an 
entitlement group include permissions to extend a certain other entitlement group. 

22. (Original) The method of claim 21, wherein permissions to extend a certain 
other entitlement group include permissions to define a child entitlement group of said 
particular entitlement group. 

23. (Canceled). 

24. (Canceled). 

25. (Previously presented) A system for specifying and enforcing entitlements for 
performance of financial transactions, the system comprising: 

a computer having at least a processor and memory; 

a hierarchical entitlement structure with inheritance for specifying entitlements 
for performing financial transactions; 

a user input module for specifying a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said financial 
transactions, and user membership; and 

an enforcement module for determining, in response to a particular user's request 
to perform a given financial transaction at runtime, whether to allow the particular user to 
perform the financial transaction based on permissions and limits of said hierarchical 
entitlement structure applicable to the entitlement group of which the particular user is a 
member. 

26. (Previously presented) The system of claim 25, wherein said hierarchical 
entitlement structure provides that a given entitlement group inherits permissions 
provided to its parent entitlement group in said hierarchical entitlement structure. 

27. (Previously presented) The system of claim 26, wherein said plurality of 
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entitlement groups includes a child entitlement group inheriting permissions from its 
parent entitlement group in said hierarchical entitlement structure; wherein restrictions 
are applied to the permissions inherited by such child inheritance group. 

28. (Previously presented) The system of claim 25, wherein said permissions to 
perform financial transactions include permissions to access particular objects in a 
financial application. 

29. (Previously presented) The system of claim 28, wherein said step wherein 
said permissions to perform financial transactions include permissions to perform 
functions on said particular objects. 

30. (Previously presented) The system of claim 28, wherein at least some of said 
particular objects represent bank accounts. 

3 1 . (Previously presented) The system of claim 25, wherein said limits comprise 
limitations on values of financial transactions to be performed. 

32. (Previously presented) The system of claim 3 1 , wherein limitations on values 
of financial transactions to be performed comprise a selected one of per-transaction limits 
and cumulative limits over a period of time. 

33. (Previously presented) The system of claim 25, wherein said permissions to 
perform financial transactions include permissions applying to a selected one of functions 
of a financial application and objects of a financial application. 

34. (Previously presented) The system of claim 25, wherein said specifying a 
plurality of entitlement groups includes specifying limits applicable to individual users. 

35. (Previously presented) The system of claim 25, wherein said specifying a 
plurality of entitlement groups includes specifying limits applicable collectively to 
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members of an entitlement group. 

36. (Previously presented) The system of claim 25, wherein said specifying a 
plurality of entitlement groups includes specifying limits applying collectively to a 
particular entitlement group and children entitlement groups of said particular entitlement 
group in said hierarchical entitlement structure. 

37. (Previously presented) The system of claim 25, further comprising: 
a module for tracking financial transactions performed for purposes of 

determining compliance with limits. 

38. (Previously presented) The system of claim 37, wherein said module for 
tracking financial transactions performed maintains running total values of financial 
transactions performed in cache memory of the computer. 

39. (Previously presented) The system of claim 38, wherein said enforcement 
module determines whether to allow the particular user to perform the financial 
transaction based, at least in part, on said running total values and the value of the 
financial transaction requested by the particular user. 

40. (Previously presented) The system of claim 25, further comprising: 

a module for maintaining permission information for entitlement groups in the 
hierarchical entitlement structure in cache memory of the computer. 

41 . (Previously presented) The system of claim 40, wherein said permission 
information is modeled as three-tuples representing negative permissions. 

42. (Previously presented) The system of claim 25, wherein permissions provided 
to an entitlement group include permissions to administer a certain other entitlement 
group. 
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43. (Previously presented) The system of claim 42, wherein permissions to 
administer a particular entitlement group include modifying permissions of said certain 
other entitlement group. 

44. (Previously presented) The system of claim 42, wherein said permissions to 
administer a certain other entitlement group are subject to limitations defined for the 
entitlement group having said permissions to administer. 

45. (Previously presented) A method for defining and enforcing permissions and 
limits on performance of financial transactions in a banking system, the method 
comprising: 

in a banking system implemented in a computer system having at least a 
processor and memory, receiving user input defining a plurality of entitlement groups, 
wherein each entitlement group has specified users, permissions to perform financial 
transactions and limits on performance said financial transactions; 

organizing said plurality of entitlement groups into hierarchical structure with 
inheritance specifying permissions and limits for performing financial transactions; 

in response to a particular user request to perform a financial transaction in the 
banking system at runtime, identifying the particular user's membership in a certain 
entitlement group; and 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement structure 
applicable to the particular user's performance of the financial transaction. 
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